Module: BSV::Auth::GetVerifiableCertificates

Defined in:
lib/bsv/auth/get_verifiable_certificates.rb

Overview

Utility module for retrieving verifiable certificates from a wallet.

Used during the certificate exchange phase of the BSV Auth peer protocol. Lists certificates matching the requested certifiers and types, then calls prove_certificate for each to obtain a verifier-specific keyring for selective field revelation.

Class Method Summary collapse

Class Method Details

.get_verifiable_certificates(wallet, requested_certificates, verifier_identity_key) ⇒ Array<VerifiableCertificate>

Retrieve verifiable certificates from a wallet for presentation to a verifier.

Parameters:

  • wallet (#list_certificates, #prove_certificate)

    the subject’s wallet. Duck-typed — if the wallet does not respond to both methods, returns [].

  • requested_certificates (Hash)

    with keys:

    • :certifiers [Array<String>] list of certifier public key hexes

    • :types [Hash] type (Base64 string) → array of field names to reveal

  • verifier_identity_key (String)

    the verifier’s compressed public key hex

Returns:

  • (Array<VerifiableCertificate>)

    list of verifiable certificates ready for presentation, or [] when the wallet does not support certificate operations

Raises:

  • (StandardError)

    propagates unexpected errors (network failures, key derivation errors, etc.) to the caller — only UnsupportedActionError is swallowed



27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/bsv/auth/get_verifiable_certificates.rb', line 27

def get_verifiable_certificates(wallet, requested_certificates, verifier_identity_key)
  return [] unless wallet.respond_to?(:list_certificates) && wallet.respond_to?(:prove_certificate)

  certifiers = requested_certificates[:certifiers] || requested_certificates['certifiers'] || []
  types_map  = requested_certificates[:types]      || requested_certificates['types']      || {}

  list_result = wallet.list_certificates(
    certifiers: certifiers,
    types: types_map.keys
  )

  certificates = list_result[:certificates] || list_result['certificates'] || []
  return [] if certificates.empty?

  certificates.map do |cert|
    cert_type = cert[:type] || cert['type']
    fields_to_reveal = types_map[cert_type] || types_map[cert_type.to_s] || types_map[cert_type.to_sym] || []

    prove_result = wallet.prove_certificate(
      certificate: cert,
      fields_to_reveal: fields_to_reveal,
      verifier: verifier_identity_key
    )

    keyring = prove_result[:keyring_for_verifier] ||
              prove_result['keyring_for_verifier'] ||
              prove_result[:keyringForVerifier]    ||
              prove_result['keyringForVerifier']   ||
              {}

    VerifiableCertificate.new(
      type: cert_type,
      serial_number: cert[:serial_number] || cert['serial_number'] ||
                     cert[:serialNumber] || cert['serialNumber'],
      subject: cert[:subject] || cert['subject'],
      certifier: cert[:certifier] || cert['certifier'],
      revocation_outpoint: cert[:revocation_outpoint] || cert['revocation_outpoint'] ||
                           cert[:revocationOutpoint] || cert['revocationOutpoint'],
      fields: cert[:fields] || cert['fields'] || {},
      keyring: keyring,
      signature: cert[:signature] || cert['signature']
    )
  end
rescue BSV::Wallet::UnsupportedActionError
  # Wallet does not implement certificate operations (e.g. ProtoWallet).
  # Return empty — the requesting peer enforces its own requirements independently.
  []
end